Self-evaluative privilege;

Page 1

Self-Evaluative Privilege
Thomas E. Powell
Institute of Internal Auditors, Inc.
As the Director of Professional Practices with the Institute of Internal Auditors (IIA), I respond to many, and duck some, questions from practitioners and others regarding all manner of issues with which practitioners are confront-ed daily. In recent years one question seems to be asked more frequently. The question is:
How can we protect our workpapers and reports from access by parties other than those for whom they were prepared?
External auditors are familiar with both protecting their workpapers from access and having their reports used by third parties. Auditing students learn early that Ultramares v. Touche & Co. [1931] means third parties need to be carefully considered in the audit process. Internal auditors usually aren't con-cerned about that sort of thing. After all, their work is only for the use of their organization and they are a part of that organization. Or are they?
How Internal Auditors See Themselves
Internal auditing is defined in the Statement of Responsibilities of Internal Auditing [IIA, 1990] as follows:
Internal Auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. The objective is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed.1
It is this position that allows an internal auditor to use his or her detailed knowledge of the entity's policies, procedures, and environment to appraise the function and apprise management of existing or potential problem areas.
In earlier versions of the Statement of Responsibilities of Internal Auditing [1947, 1957, 1971, 1976] the wording was more narrow and implied a stronger allegiance to management: "Internal Auditing is an independent appraisal activ-ity within an organization for the review of operations as a service to manage-ment."
In 1981 and subsequent versions "service to management" was changed to "service to the organization." This new broad allegiance provides a professional basis for departing from the interest of management. It also provides a basis for
The Institute of Internal Auditors, Inc., Statement of Responsibilities of Internal Auditing (Altamonte Springs, Florida: The Institute of Internal Auditors, Inc., 1990).
99